Today in our Google Hacking week, we continue to use the Google search engine as a source for interesting information. In our previous posts we talked about finding and downloading certain kinds of files, but today we are on the lookout for “juicy devices”.
The theory is quite simple: most appliances like webcams, routers, copiers and more have web interfaces. A lot of different applications and services can also be controlled through a web interface. It’s easy and convenient when you can use the browser on your computer to configure and watch your webcam or change settings on your router while on your local LAN. But what if those devices are hooked up directly to the internet?
Any device that gets connected directly to the internet is at some point scanned and indexed by Google, and if you enter the right search term you will be able to find it. The way we are looking for those devices and services today is by using the INURL option. Some web interfaces (to your router or webcam) have a very specific URL format. By searching for those specific URL types with the INURL option, you can find some very cool stuff. If people have done their homework, most of these services will be protected by a unique login or password. But some people just use the default password … or even none at all.
Let us take you on a walk through the net with some very specific INURL Google Dorks.
- This one will get you some interesting webcams (some you can even control with your mouse). Look around and see if you can find the Giraffe Cam.
- More network cameras here. This one is in some dorm/college. You can control the zoom and the direction of the camera.
- inurl:":10000" intext:"webmin"
- Remember we talked about WEBMIN? This will give you a list of all Webmin servers connected directly to the internet. Most of them are protected by a password (we hope), but common usernames like ROOT and some generic passwords might get you in.
- This will get you a list of PLEX media servers where people can store music and movies to watch on any device (even across the internet). Most of them are locked down with a login/password. Some of them … are not. Happy streaming.
So you see: there are quite a few web services out there that are inadvertently open to the indexing power of Google. Some clever searching and you can find them.
We close off by going back to our camera in the student dorm. Where is this? A simple ping of the URL gives us the following IP: 22.214.171.124, and by going to Whereisthisip.net we find out that it’s Sydney, Australia. It’s THAT simple.
Puzzling information together.
This might all look like fun and games, but badly secured devices are dangerous. Whether you have weirdos peeking through your accidentally-publicly-connected IP camera, or random people printing out documents on your www-connected printer, it’s never good. Using the domain name, the IP and the registration information of the domain, people can quickly find out where and even WHO you are. If you skip good security and don’t use passwords (or use default passwords), it does not bode well for you. Hackers even use the INURL search to find specific web servers and services with vulnerabilities. All they then need to do is run some code to exploit the vulnerability, and they are in. Hackers don’t NEED to search for your open Webmin server with the buggy (and vulnerable) version of the http code: Google did it for them.
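A defender can run the same kind of query against their own exposed services before anyone else does. The block below is an added example, not code from the original post: it parses the inurl:/intext: terms of the Webmin query shown above and applies them to a constructed inventory of (URL, page text) pairs. The function names, the hostnames and the plain substring matching are assumptions.

```python
import re

# Blog software often turns straight quotes into typographic ones; undo that.
_QUOTES = {0x201C: '"', 0x201D: '"', 0x2033: '"'}
# operator:"quoted value" or operator:bare_value
_TERM = re.compile(r'(inurl|intext):(?:"([^"]*)"|(\S+))', re.IGNORECASE)


def parse_dork(dork):
    """Return [(operator, lowercase value), ...] for the inurl:/intext: terms."""
    terms = []
    for m in _TERM.finditer(dork.translate(_QUOTES)):
        value = m.group(2) if m.group(2) is not None else m.group(3)
        terms.append((m.group(1).lower(), value.lower()))
    if not terms:
        raise ValueError("no inurl:/intext: terms in query")
    return terms


def matches(terms, url, body):
    """True when every term is a substring of the URL (inurl) or page text (intext).

    Assumption: plain case-insensitive substring matching, which only
    approximates how a search engine tokenises and matches.
    """
    fields = {"inurl": url.lower(), "intext": body.lower()}
    return all(value in fields[op] for op, value in terms)


def audit(dork, inventory):
    """List the URLs in your own inventory that the query would surface."""
    terms = parse_dork(dork)
    return [url for url, body in inventory if matches(terms, url, body)]


# The query from this post.
DORK = 'inurl:":10000" intext:"webmin"'

# Constructed sample inventory: (externally reachable URL, text of the page served).
INVENTORY = [
    ("https://gw.example.net:10000/", "Login to Webmin"),
    ("https://www.example.net/", "Welcome to Example Net"),
    ("http://192.0.2.15:10000/status", "Printer status"),
    ("https://docs.example.net/howto", "Installing Webmin on a home server"),
]

if __name__ == "__main__":
    for url in audit(DORK, INVENTORY):
        print("exposed and indexable:", url)
```

Anything this reports belongs behind a VPN or firewall rule, off the public address, with the default credentials changed.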
A couple of days ago I got a second-hand 7 inch EEE-PC as a gift from a friend. It’s a cool little system and I was looking for an interesting way of putting it to good use. Of course our “Return of the Netbook” podcast brought many an idea to mind, but I wanted something different. Instead of using it as a workstation, I thought that a little bit of “Server Side technology” would come into good use. The thing is pretty small, consumes no power whatsoever and can do some cool things should you want it to.
Turn it into an “on demand” Nannycam: one of the simplest alternatives is to install Skype on it and turn it into a Nannycam.
- Install Skype.
- Create a separate account for the laptop
- Set up the laptop to automatically send video.
- Add your Skype account to the friends list.
- Configure : Auto-answer to have the laptop “pick up” whenever you call it using your account.
- Mute the speakers on your laptop.
- ( Or follow this guide )
This is by far the easiest and most cross-platform friendly solution for your old netbook that will help you get some use out of the old baby. Make sure to tweak your security settings on Skype so the laptop won’t accept calls or chats from people outside the contact list (and just to make sure, cover the webcam with a post-it note when you want to be sure nobody is watching).
What would you use as surveillance software ? Tell us in the comments section.
In the beginning there was crap.
If I do have to point out what programs I use the most beside Firefox, it’s probably Skype. From what used to be a fancy Voice over IP novelty thing where you could talk instead of type, it has evolved into a means of communication that has outgrown even my use of IM programs like MSN and all the others. By comparison: I use my cellphone for about 20 minutes a month, while my average Skype time can count up to more than 1 or even two hours a day sometimes. To the extent that what used to be a busy MSN list and an occasional Skype contact fluttering by is now more of the opposite.
The great thing is that it’s becoming more and more popular around the world. Not only is the number of users steadily increasing, the third party technology is finally rising above proto-techno level and is starting to make some seriously interesting stuff.
First off (of course) there were the headsets. Since the coming of Skype the most exotic headsets in all sizes and degrees of quality have popped up on the market. From the flimsy to the “Nasa mission control” style, headsets have been used with Skype with various degrees of success. Later came the handsets. Nothing more than a headset with a mike and line plug to jack into your sound card. The only difference was that it looked like the handset of a phone. Slightly more inconvenient than a headset, I personally think, but useful nonetheless. More advanced models used USB and the functionality of acting as an external sound card to give more buzz to the horn. You could now dial numbers on the horn instead of using your keyboard. Since you were only 3 feet away from your keyboard anyway (the cable is just that short) there is no use in that whatsoever. So bring on the external DECT phone.
Using a wireless handset and a USB dongle connected to your PC, you could now roam the house when calling on Skype. Pretty cool and dandy. You could even call people on your Skype list and use some models in combination with a classic landline, resulting in a hybrid VoIP/classic phone. Only bummer? Your Skype had to be running on your PC. It was getting better .. but not yet.
So what do we really need? Well, a kind of phone like the one mentioned above .. but without the PC. How about a phone that has Skype running inside it. Embedded, so to speak. And wouldn’t it be great if that phone would use a standard wireless ethernet connection as the link? No extra devices needed?
In-bed with Skype.
Enter the embedded Skype phone. The first time it was rumored was quite some time ago. Netgear was supposed to be working on their model with the program embedded and using Wifi as means of connection. But at a proposed price of 250 euros it did weigh in quite heavy on the wallet. Time to call our next competitor. That one came in the form and shape of the new BELKIN Skype phone. Clearly looking a tidbit more snappy than its competitor, the Belkin model actually looks like a real phone (something of a love-child between an Ericsson 610 and a bar of shoe-polish) but nice in both the functionality department (equipped with bluetooth and actively on the lookout for free wifi everywhere) and the price (at some 170 dollars US). For the moment it’s only available in the US but we will keep you posted when we get our hands on one.
What it boils down to is that WIFI is a serious competitor for classic cellphone carrier signals, GPRS and UMTS when you start having devices like this. Possibly the greatest intrusion on the market of the classic cellphone industry can be made with devices like these. Slowly but surely the age of the pay-per-second phone billing industry is coming to an end and the landline dinosaurs have outlived the flintstone age.
But what would be even cooler? How about an embedded camera in that phone. Now THAT would be awesome. Being able to call hands free, perch the phone on the table and there you go. But apart from a combination of existing technology into a new product, this would also require a change of mentality. The age of email made way for the age of chat. The age of chat has made way for the age of talk and the age of talk will make way for the age of image. The mental upgrade you have to make is using video at any given moment as an enhancement of the communication. Either people webcam with far away family relatives or they are teenagers that are trying to undress their female peers in a futile attempt for kicks. The trick is: tune it into your way of life. Like me and my buddy Dave for example. We just fire up the webcam as I'm cooking dinner. It might be fun at first to have somebody at the other side of the globe yell at you because your spuds are boiling over. Another cool thing to do (certainly with the built-in iSight) is to give your buddy a tour around the house. Like with all new technology, at first it’s a novelty; just playing with it long enough so it becomes natural is the trick.
A long time in the making.
It’s been a long time coming, or has it been a long time overdue: it’s finally here. The first cross-platform VoIP & videochat application to span the bridge between Mac and Windows users. The switcher’s holy grail, so to speak. The missing link between the two communities.
For those of us who left the land of the Windows users and boldly bought a Mac (either because we did not have the pubes to rebel and buy a Harley, or just to score with the chicks), we fairly quickly felt ourselves isolated from the instant messaging world. Sure, OS X comes with mighty fine chat tools like, for example, iChat, so that mighty fine iSight webcam of yours could do some good .. but .. there is no one ON iChat now, is there.
Meanwhile in the Windows world.
Meanwhile in the Windows world people are chatting and nudging and webcamming (and sometimes even stripping) their happy days away with the one big happy family on MSN Messenger. Ok, I was happy to finally get rid of those bouncing smilies, pink backgrounds, screaming avatars and vibrating chat windows .. but this was lonely. Sure there are some good MSN clones out there, but none of them support webcamming between YOU and the rest of the world. Sure, there is Mercury (hellishly slow, weighs a ton, eats memory like Oprah and does not work if you are behind a router). So there I was, shiny iSight and no one to wave at. Thank heavens to Skype for putting out the great app they make and for bringing us webcam support. I had played with it before: the PC to PC webcam session between two Skype users is faster than watching tv! If I ever thought the MSN webcam protocol was the pinnacle of streaming video compression: Skype to Skype makes it look like a snail on ice. So as soon as the beta came out I just had to get my hands on it.
Download and install.
Downloaded and installed it on my iMac and rang up my friend Blue on his Windows PC (also with a built-in webcam). And both audio and video worked fantastic. Ok, the speed is not that good when it comes to video but the quality is awesome. Audio is crispy and when you hit the full screen button .. the future is here.
So with my MacBook on the table, iSight tucked away in the lid… Talking full screen to my buddy at the other side of the globe (while doing the dishes), all I needed was a fish in a bowl, a model of the USS Stargazer and a Galaxy class starship beneath my feet.. “Captain to engineering” .. I shout and tap the invisible communicator on my chest .. No response .. no starship .. As I look at my Skype screen and wave to my distant friend who is tapping a finger to his forehead … At least I can say THIS part of the future .. is here. Find your Skype for Mac HERE
A whole new deal.
Very soon we will see a culture shift, a change in how people interact on the computer scene. My prophecy is nothing less than the end of the almost religious ‘OS-Wars’. From newbie to web-lord, we have all played the paralympic game of ‘what’s the better OS’. Whether in forums, in chatrooms, in endless slashdot threads or even in the comfort of our own pub: we’ve all been there. Whether XP is better than 2000, why Mac OS is better than Windows, and we’ll never forget the face of our local Linux guru foaming at the mouth after he had to endure your proclamation that Windows ME was the best operating system ever written. (And he never spoke to you again.) But very soon the question “What’s your operating system” will be replaced by “What’s your primary OS?”. Any computer with a processor speed over 1.5 gigahertz is quite frankly a waste of money. You don’t see a specific speed increase when you buy a 3 gigahertz or more. Ok, Windows will boot faster, but that does not mean YOU can work any faster. I mean, the processor is not the bottleneck of the system. The question is: what to do with all this extra operating system power … More eye-candy? Perhaps Vista will be more than happy to gobble up a few million cycles just for Ballmer’s personal pleasure. OR .. we can make the cycles pay off by jumping on the virtualisation train.
All aboard ?
What do you do when you have one OS running, but your computer can carry twice the load? Well, let’s install ANOTHER operating system. I’m not talking Dual Booting here, I’m talking Virtualisation. Running a second OS INSIDE the first one. The “Base OS” is the main operating system you are running, the “Guest OS” is a virtual version of an operating system neatly compressed into one file.
I know what you are saying. But why, “ma cher Knightwise”, would I do this? Here is why.
- Perfect testing : The virtual machine you installed is just ONE FILE. After you install it, make a backup and start fumbling around. Messed up the Guest OS? Just drag your copy back and you are good to go. You can easily install all kinds of operating systems without having to worry about partitioning.
- Space and energy saver : Who said you had to stop with running just one Guest OS. Instead of bricking up your bedroom with countless PC towers you can now have them running as virtual machines on one machine. Needless to say you save money by just owning one PC, you save power because you only have one power supply to feed and save valuable bedroom time with your spouse because she doesn’t have to be mad at you all the time for junking up the house with your old ‘test machines’.
- Switchers trouble : I have seen people buy a PC or a Mac just for that one task. I’ve seen people buy an extra PC for their on-line banking. I’ve seen switchers go back because they could not get a certain application working on a certain platform. Well, there is an end to switchers trouble and you have all walked through the gates of Sliders’ heaven (Sliders = cross platform users). Personally I wanted to switch my main machine to Linux because I could not get MSN Messenger running webcam sessions. (Microsoft does not want to clear the code.) So .. I installed Ubuntu, ran Windows XP as a virtual machine and did the impossible, ran the two OSes at once and did my webcam stuff without any trouble. I run XP on my Mac for consulting purposes (when I need to get into a Windows network) and I run Ubuntu in my XP for testing everything out before I make changes to my Ubuntu server.
- Servers dream : The crappy thing about running multiple servers at home is the fact that they eat power. Now you can run several ‘virtual’ servers on the same machine and just have one power supply to feed.
And how do I do that ?
Before we start: be sure you have enough memory in your Base Operating system. Each guest operating system requires a chunk of RAM. The bigger the chunk, the better the speed. Also see that you have enough storage space. Not only so the Guest OS can grow to its full potential (about 4 gigs will do), you also want to make backup copies of every clean installed OS that you have. Whether you want to run Linux in XP or XP in Linux, you need the free VMware Player. This is a free application that lets you use pre-built images of virtual machines. So you can’t ‘build’ your own virtual machine, just use one that has been pre-built. Now this ‘building’ of a virtual machine tells the virtual machine how to act. Luckily I found THIS site where you can download FREE virtual machine configuration files for just about any operating system you wish. All you need are the installation CDs of that OS and you are on your way. I’ll be playing with virtual machines more as the week progresses and keep you posted on the results. Meanwhile my “Piece de resistance” is a screenshot of an MSN webcam session in Windows XP, running as a virtual machine on my Ubuntu (base) workstation. Sliders .. the end of our troubles is in sight and we are virtually saved.
A lot of Chitchat.
As a slider (somebody who moves swiftly between operating systems like Windows, Mac and Linux) I am often confronted with the question: what tool do I use for what? There are of course plenty of ‘switcher tips’ out there to help people out who decide to jump from one OS to the other. These ‘switch-lists’ are composed of tables representing a certain application in one operating system, and its counterpart on the other side of the fence. For example: Microsoft Office on Windows has OpenOffice as its counterpart in Linux (and also in Mac OS). Some applications are called cross-platform; these are of course the ideal ones. An exactly identical version exists in all operating systems. For example: Firefox, or Thunderbird. All versions look and feel exactly the same no matter what OS you are on.
But sometimes you have to look for stuff that “looks” or “behaves just like” the original version in one operating system. Classic example here is the switcher’s nightmare, MSN Messenger. Unfortunately insanely popular among Windows users here in Europe. But: Microsoft clings to this little piece of software like there is no tomorrow. Deliberately setting back the versions that are brought out on other operating systems (like for example on Mac OS X) and not disclosing any code to the open source community so their IM clients would be able to interact with MSN Messenger. The result is the entire thing has to be reverse engineered to make it work.
What about MSN ?
A question often asked is: what do I use instead of MSN on other systems? Now there are some viable alternatives out there, but the one most commonly found on both Mac and Linux systems is AMSN. This noble attempt at MSN Messenger ‘approximation’ has been running strong for quite some years now. Their main concern was to be able to crack the hard nut of enabling cross platform MSN audio and video-chat. A noble cause since Microsoft does shield that box of tricks very well to the outside world. Now the AMSN people said they cracked it. They had gotten it working. Onto the labs, dear friends! My first test (video chat between my PowerBook and my girlfriend’s iBook) worked just fine .. behind the firewall. But once I tried to talk or send files to the outside world? No go.. AMSN does not deal with NAT translation very well. (Well, it can’t cope with it at all.) Making matters worse: AMSN runs on the Mac like a rhinoceros on a Valium trip. Slow and jerky to respond and not at all reliable. So I’m back to my ‘non video chat’ enabled alternative ADIUM. A great, highly customizable, well supported alternative. The downside? No video-chat (file transfer works excellent) AND only available on Mac. As for a Linux alternative to MSN, I’ve stuck with GAIM for being the better product.
Too bad actually, I mean, these guys over at msn have a quite good cross platform product and are able to crack a fantastic nut in getting video-chat to work .. But then they get stuck on this simple thing like NAT transgression. Perhaps it’s time for all these ‘alternative messenger clients’ to start working together and produce one kick-ass open source Messenger alternative and overcome one of the final pitfalls for users switching to a non Microsoft OS.